Mailing List SIMS@mail.stalker.com Message #7588
From: Paul Galati <pgalati@jackrouse.com>
Subject: RE: Whitehole Entries
Date: 26 Jan 2001 14:28:00 -0400
To: Bill Cole <listbill@scconsult.com>, <SIMS@stalker.com>
X-Mailer: Mail*Link SMTP for Quarterdeck Mail; Version 4.1.0
Bill,

Am I supposed to tell my users that they now have two addresses; 1 for nice mail servers and 1 for open relays?  Tell them to use the nice mail first.  If it does not work and gets caught by MAPS, then use the other address.  That is silly.  Is that typical for ISPs to do that?

So because almost every account receives mail from open relays, there is no point in having my server contact the MAPS list.  The mail will be accepted anyway by the router entry.  The router should accept the exception, not all or none.

That should make the server response time a little better.

*********************
Paul Galati
PGalati@JackRouse.com
*********************

_______________________________________________________________________________
From: Bill Cole on Fri, Jan 26, 2001 2:01 PM
Subject: RE: Whitehole Entries
To: Paul Galati; SIMS@stalker.com

At 11:35 AM -0400 1/26/01, Paul Galati wrote:
>Then what is the point of using the RBL?

ORBS is *NOT* 'the RBL'

The RBL is a MAPS list, the first of its kind. It is one of 3
distinct MAPS lists that use the same DNS mechanism. ORBS also
publishes a list using that mechanism. At times, there have been
other public lists using the same mechanism, but currently all but
those run by ORBS have either been taken over by MAPS (by way of
hiring the originators) or shut down. There are also many private
lists of that type.

If you use ANY list to reject mail, you need to make sure that it
really does what you want. A lot of people find the main unified ORBS
list unsuitable for their servers. I certainly would not be able to
use it on any server I manage.


>  Almost every account I
>manage has at least 1 person who communicates with somebody on an
>ISP that operates an open relay.  If the whitehole only makes the
>local account exempt, then everybody would be exempt.  So you are
>saying the syntax would be
>
><PGalati%*@blacklisted> = PGalati
>
>Because I communicate with one person whose ISP is an open relay,
>this router entry will open my account to that one person plus all
>the other open relays on the planet as well.
>
>Please correct me if I am wrong

Absolutely right.

Another tactic is to use 'tagged' addresses. The following lines in
your router would be the SIMS part of tagging to get through
blacklists:

<PGalati+*@blacklisted> = PGalati
<PGalati+*> = PGalati

Then you can give out any address you like with a tag (for example,
<PGalati+monica@jackrouse.com>) and any mail to that tagged address
will go through the blacklisting and be routed to your account. The
use of '+' as the tag delimiter is an old convention started by
sendmail, but any character that is legal in an email address can be
used. Effectively this creates a patterned class of aliases for your
account and whitelists all the aliases, but not the real account.
Anyone who needs to get through from a blacklisted site can do so by
sending to a tagged address.

This is also very convenient for giving an email address to people
whom you may not trust to not spam you in the future, because you can
kill individual tagged addresses easily in the router. For example,
if you have to give an email address to Sooper Dooper Warez Inc. to
get them to send you a software key, you might give them
<pgalati+sdwkey@jackrouse.com>. If a month later they go bankrupt and
their customer list gets bought out of bankruptcy by a spammer, you
can add this to the router before the lines shown above:

<PGalati+sdwkey%jackrouse.com@blacklisted> = spamtrap
<PGalati+sdwkey@jackrouse.com> = spamtrap

That turns this one tagged address into a spamtrap. You could also
use 'error' or 'null' if you prefer; I like using 'spamtrap' on
burned addresses because it makes the rejection a bit more mysterious
to the sender than 'error' but it does actually reject mail, unlike
'null.'

Not letting the sender address be a key to getting through the
blacklist is good design on the part of Stalker, even though it might
be a bit annoying. There is no way to authenticate the sender
address, and faking it is trivially easy. FWIW, most of the spam I
get these days *claims* to be from an msn.com address, but most of it
doesn't actually pass through any MSN mail server.




--
Bill Cole
Senior Consultant, MAPS L.L.C. Consulting Services Group
wkc@mail-abuse.org (work)
bill@scconsult.com (personal)

------------------ RFC822 Header Follows ------------------
Received: by QD.JackRouse.com with ADMIN;26 Jan 2001 13:54:45 -0400
Received: from sc1.scconsult.com ([63.248.80.23] verified) by JackRouse.com (Stalker SMTP Server 1.8b8) with ESMTP id S.0000734523 for <pgalati@jackrouse.com>; Fri, 26 Jan 2001 13:54:43 -0500
Received: from toaster.scconsult.com ([192.168.254.12] verified) by sc1.scconsult.com (Stalker SMTP Server 1.8b8) with ESMTP id S.0000080825; Fri, 26 Jan 2001 13:54:37 -0500
Mime-Version: 1.0
Message-Id: <p04330101b6975944ef2b@toaster.scconsult.com>
In-Reply-To: <n1231613492.32825@QD.JackRouse.com>
References: <n1231613492.32825@QD.JackRouse.com>
Date: Fri, 26 Jan 2001 13:54:31 -0500
To: "Paul Galati" <pgalati@jackrouse.com>, SIMS@stalker.com
From: Bill Cole <listbill@scconsult.com>
Subject: RE: Whitehole Entries
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
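
The routing behaviour discussed in this thread can be traced with a small model. This is an added example, not part of either message and not Stalker's code: it assumes first-match evaluation, `*` matching any run of characters, and that mail from a listed host is presented to the router as `user%domain@blacklisted` (inferred from the entries quoted above). The names `route`, `ROUTER` and the `rejected` result are hypothetical.

```python
import re

LOCAL_DOMAIN = "jackrouse.com"   # domain used in the thread's examples

# Router table, first match wins. The burned-tag lines sit before the
# general tag lines, as the message instructs.
ROUTER = [
    ("PGalati+sdwkey%jackrouse.com@blacklisted", "spamtrap"),
    ("PGalati+sdwkey@jackrouse.com",             "spamtrap"),
    ("PGalati+*@blacklisted",                    "PGalati"),
    ("PGalati+*",                                "PGalati"),
]

def _matches(pattern, address):
    """Case-insensitive match where '*' stands for any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, address, re.IGNORECASE) is not None

def route(rcpt, client_blacklisted, table=ROUTER):
    """Return the routing target for one recipient address.

    Only the recipient and the connecting host's listing status are inputs;
    the sender address is never consulted, since it cannot be authenticated.
    """
    local, _, domain = rcpt.partition("@")
    if client_blacklisted:
        # Assumed rewrite: user@domain from a listed host becomes
        # user%domain@blacklisted before the table is searched.
        candidates = [f"{local}%{domain}@blacklisted"]
    else:
        candidates = [rcpt]
        if domain.lower() == LOCAL_DOMAIN:
            candidates.append(local)   # domain-less rules see the local part
    for pattern, target in table:
        if any(_matches(pattern, c) for c in candidates):
            return target
    # No whitehole entry: listed hosts are refused, others reach the account.
    return "rejected" if client_blacklisted else local
```

Passing the same table with the two general tag lines moved to the top shows why the burned-tag entries must come first: the wildcard entry would match `pgalati+sdwkey` and deliver it.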